only escape repo urls if necessary (#10710)
brettfo authored Oct 2, 2024
1 parent ab0c204 commit a8fd490
Showing 2 changed files with 50 additions and 1 deletion.
12 changes: 11 additions & 1 deletion nuget/lib/dependabot/nuget/update_checker/repository_finder.rb
Expand Up @@ -13,6 +13,7 @@

module Dependabot
module Nuget
# rubocop:disable Metrics/ClassLength
class RepositoryFinder
extend T::Sig

Expand Down Expand Up @@ -48,7 +49,15 @@ def known_repositories
@known_repositories << { url: DEFAULT_REPOSITORY_URL, token: nil } if @known_repositories.empty?

@known_repositories = @known_repositories.map do |repo|
{ url: URI::DEFAULT_PARSER.escape(repo[:url]), token: repo[:token] }
url = repo[:url]
begin
url = URI::DEFAULT_PARSER.parse(url).to_s
rescue URI::InvalidURIError
# e.g., the url has spaces or unacceptable symbols
url = URI::DEFAULT_PARSER.escape(url)
end

{ url: url, token: repo[:token] }
end
@known_repositories.uniq
end
Expand Down Expand Up @@ -452,5 +461,6 @@ def auth_header_for_token(token)
end
end
end
# rubocop:enable Metrics/ClassLength
end
end
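Review bot: The `rescue URI::InvalidURIError` fallback in `known_repositories` still passes the whole string through `URI::DEFAULT_PARSER.escape`, so a feed URL that mixes an existing percent-escape with a raw space (constructed example: `https://nuget.example.com/feed%20a b/v3/index.json`) fails `parse` and then, as far as I can tell, has its `%` re-encoded as `%25`, which is the double escaping this commit is meant to stop. The result is stored next to `repo[:token]`, so a mis-normalised URL presumably means the credential ends up associated with a feed path other than the configured one. Consider leaving `%` followed by two hex digits alone in the fallback, for example by passing an explicit unsafe pattern as the second argument to `escape`, and extending the comment to `# e.g., the url has spaces or unacceptable symbols; existing %XX escapes must not be re-encoded`. The method starts above this hunk, so how `@known_repositories` is populated is not visible here.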
Expand Up @@ -105,4 +105,43 @@
end
end
end

describe "#known_repositories" do
subject(:url) do
dependency = Dependabot::Dependency.new(
name: "Some.Package",
version: "1.0.0",
requirements: [],
package_manager: "nuget"
)
instance = described_class.new(dependency: dependency, credentials: credentials)
instance.known_repositories.first.fetch(:url)
end

let(:credentials) { [{ "type" => "nuget_feed", "url" => feed_url }] }

context "when no escaping is required" do
let(:feed_url) { "https://nuget.example.com/v3/index.json" }

it { is_expected.to eq("https://nuget.example.com/v3/index.json") }
end

context "when escaping is required" do
let(:feed_url) { "https://nuget.example.com/feed with spaces/v3/index.json" }

it { is_expected.to eq("https://nuget.example.com/feed%20with%20spaces/v3/index.json") }
end

context "when escaping has already been done" do
let(:feed_url) { "https://nuget.example.com/feed%20with%20spaces/v3/index.json" }

it { is_expected.to eq("https://nuget.example.com/feed%20with%20spaces/v3/index.json") }
end

context "when the feed is a relative local path" do
let(:feed_url) { "../packages" }

it { is_expected.to eq("../packages") }
end
end
end
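Review bot: All four contexts under `#known_repositories` read only `known_repositories.first.fetch(:url)` from a credential that has no token, so nothing here checks that the normalised URL stays paired with the token it was configured with. Since this method is where a feed URL and its token are bound into one hash, I would add a context whose credential carries a token and assert the whole `{ url:, token: }` entry, plus one where the same feed is configured in both escaped and unescaped form to pin what `uniq` returns. The enclosing `describe` block opens outside this hunk.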
